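# NixOS module that runs Atlassian Crowd as the systemd unit
# "atlassian-crowd": it declares the services.crowd.* options, creates the
# service user and group, and renders Tomcat's server.xml before start.
{ config, lib, pkgs, ... }:

with lib;

let

  cfg = config.services.crowd;

  # Shell-quoted form of the home directory. The preStart script below runs as
  # root (PermissionsStartOnly), so every path handed to rm/mkdir/chown is
  # quoted to prevent word splitting or globbing on an unusual cfg.home.
  homeArg = escapeShellArg cfg.home;

  # Crowd package specialised for this instance.
  #
  # NOTE(review): openidPassword is handed to the package override as a plain
  # string. If the package writes it into its build output (the package is not
  # visible here), the secret ends up in the world-readable /nix/store.
  # Consider reading it from a file outside the store at service start.
  #
  # NOTE(review): function application binds tighter than `//`, so the
  # optional proxyUrl attribute is merged into the *result* of `override`,
  # not into its arguments. Confirm whether proxyUrl was meant to be passed
  # to the package; left unchanged here to preserve the built package.
  pkg = pkgs.atlassian-crowd.override {
    home = cfg.home;
    port = cfg.listenPort;
    openidPassword = cfg.openidPassword;
  } // (optionalAttrs cfg.proxy.enable {
    proxyUrl = "${cfg.proxy.scheme}://${cfg.proxy.name}:${toString cfg.proxy.port}";
  });

in

{
  options = {
    services.crowd = {
      enable = mkEnableOption "Atlassian Crowd service";

      user = mkOption {
        type = types.str;
        default = "crowd";
        description = "User which runs Crowd.";
      };

      group = mkOption {
        type = types.str;
        default = "crowd";
        description = "Group which runs Crowd.";
      };

      home = mkOption {
        type = types.str;
        default = "/var/lib/crowd";
        description = "Home directory of the Crowd instance.";
      };

      # Defaults to loopback, so Crowd is only reachable through a local
      # reverse proxy unless this is changed.
      listenAddress = mkOption {
        type = types.str;
        default = "127.0.0.1";
        description = "Address to listen on.";
      };

      listenPort = mkOption {
        type = types.int;
        default = 8092;
        description = "Port to listen on.";
      };

      # No default: the module fails to evaluate unless a password is set.
      # See the note on `pkg` above about where this value may end up.
      openidPassword = mkOption {
        type = types.str;
        description = "Application password for OpenID server.";
      };

      catalinaOptions = mkOption {
        type = types.listOf types.str;
        default = [];
        example = [ "-Xms1024m" "-Xmx2048m" ];
        description = "Java options to pass to catalina/tomcat.";
      };

      # Settings written into the Tomcat connector when Crowd sits behind a
      # reverse proxy (see the second sed expression in preStart).
      proxy = {
        enable = mkEnableOption "reverse proxy support";

        name = mkOption {
          type = types.str;
          example = "crowd.example.com";
          description = "Virtual hostname at the proxy";
        };

        port = mkOption {
          type = types.int;
          default = 443;
          example = 80;
          description = "Port used at the proxy";
        };

        scheme = mkOption {
          type = types.str;
          default = "https";
          example = "http";
          description = "Protocol used at the proxy.";
        };

        secure = mkOption {
          type = types.bool;
          default = true;
          description = "Whether the connections to the proxy should be considered secure.";
        };
      };

      jrePackage = mkOption {
        type = types.package;
        default = pkgs.oraclejre8;
        defaultText = "pkgs.oraclejre8";
        description = "Note that Atlassian only support the Oracle JRE (JRASERVER-46152).";
      };
    };
  };

  config = mkIf cfg.enable {
    users.users."${cfg.user}" = {
      isSystemUser = true;
      group = cfg.group;
    };

    users.groups."${cfg.group}" = {};

    systemd.services.atlassian-crowd = {
      description = "Atlassian Crowd";

      wantedBy = [ "multi-user.target" ];
      requires = [ "postgresql.service" ];
      after = [ "postgresql.service" ];

      path = [ cfg.jrePackage ];

      environment = {
        JAVA_HOME = "${cfg.jrePackage}";
        CATALINA_OPTS = concatStringsSep " " cfg.catalinaOptions;
        # With PrivateTmp below, /tmp is a per-service private directory.
        CATALINA_TMPDIR = "/tmp";
      };

      # Runs as root because of PermissionsStartOnly. It recreates the work
      # directory, links the state into /run/atlassian-crowd, hands the home
      # directory to the service user, and renders server.xml from the
      # packaged template with the listen address/port (and, when enabled,
      # the proxy attributes) substituted in.
      #
      # NOTE(review): this root-run script writes into cfg.home after chowning
      # it to the service user. A hardened layout would create the directories
      # via systemd tmpfiles or StateDirectory and do the templating as the
      # unprivileged user.
      #
      # NOTE(review): listenAddress and the proxy.* values are interpolated
      # unescaped into single-quoted sed expressions that use `,` as the
      # delimiter, and from there into XML attributes; a value containing
      # `,`, `'`, `"` or `&` would corrupt the command or the generated file.
      preStart = ''
        rm -rf ${homeArg}/work
        mkdir -p ${homeArg}/{logs,database,work}

        mkdir -p /run/atlassian-crowd
        ln -sf ${homeArg}/{database,work,server.xml} /run/atlassian-crowd

        chown -R ${escapeShellArg "${cfg.user}:${cfg.group}"} ${homeArg}

        sed -e 's,port="8095",port="${toString cfg.listenPort}" address="${cfg.listenAddress}",' \
      '' + (lib.optionalString cfg.proxy.enable ''
          -e 's,compression="on",compression="off" protocol="HTTP/1.1" proxyName="${cfg.proxy.name}" proxyPort="${toString cfg.proxy.port}" scheme="${cfg.proxy.scheme}" secure="${boolToString cfg.proxy.secure}",' \
      '') + ''
          ${pkg}/apache-tomcat/conf/server.xml.dist > ${homeArg}/server.xml
      '';

      serviceConfig = {
        User = cfg.user;
        Group = cfg.group;
        PrivateTmp = true;
        # Apply User/Group only to ExecStart; preStart keeps root privileges.
        PermissionsStartOnly = true;
        ExecStart = "${pkg}/start_crowd.sh -fg";
      };
    };
  };
}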